Description This article describes how a critical heap-based buffer
overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote,
unauthenticated attacker to execute arbitrary code or commands with
specifically crafted requests. See the For...
Description Fortinet PSIRT Team has made extensive changes to the PSIRT
Process in recent months and this documents the changes and how
customers can receive updated on product vulnerabilities.FortiGuard
Website.All Vulnerabilities are posted on the ...
Introducing FortiMail 6.2FortiMail 6.2.0 has been approved and is being
distributed to the support site. This release adds several new features
including: MS Office 365 Active Threat Remediation FortiMail can now
perform post-delivery on-demand scan ...
FortiMail 6.0.0 is now released and has been distributed to the support
site. This release adds several new features: URI Click
ProtectionFortiMail rewrites selected links so that when a user clicks
the link in the email message, the will be directed...
FortiMail 5.4 has been approved for release and will be uploaded to the
support site in the next few hours.This version of FortiMail is a major
rework focused on enhancing the GUI, removing the need for plugins and
improving the configuration workflo...
Some additional debugging info from the FCT team if you want to dig into
this further. It does require to reproduce the issue so no use after the
fact. 1. register FCT to EMS2. after profile received, do the following
changes to registry on the
FCT:[...
This is network level detection so we are not logging the actual
application that is triggering this. I recommend opening a ticked to see
if there is more detail we can pull out of this for you. (DM me the
ticket ID and I will have someone take a loo...
See: CVE-2021-44228 — Apache Log4j Vulnerability | Fortinet for more
info. There are many ways this could have been triggered e.g. browsing
to a web site with this set in the headers. Initiating a connection with
these headers outbound. Also there ar...
Problem with this issue, the actual vulnerability can be behind the
system being targetted (see the blog here). FortiGate has no way of
knowing if the server is vulnerable or of there is log4j somewhere in
the path, just that the payload has been sen...